This thread will cover installation of a dedicated Ubuntu server, Apache Web service and WordPress web site. The server will be installed inside a virtual machine vSphere 5.5 running on ESXi 5.5 servers. Although there are some VMware-specific steps, they are very few and the majority of this documentation will work for other VMs such as VirtualBox or even directly installed onto a physical machine. If you have any advice on doing things better, please let me know. I love feedback and learning better ways of doing things!

After Ubuntu Server is installed, Apache web server will be installed and configured. Next will be the installation and configuration of WordPress which will utilize an existing remote MySQL server.

This documentation will need to make use of some very-specific information that will most-likely be different for each person / location. And as such, I will note some of these in this section. They will be highlighted in red throughout the document as a reminder that you should plug-in your own value rather than actually using my "place-holder" value.

Under no circumstance should you use the actual values I list below. They are place-holders for the real thing. This is just a checklist template you need to have answered before you start the install process.

Wherever you see RED in this document, you need to substitute it for what your company uses. Use the list below as a template you need to have answered before you continue.

Ubuntu Server name: srv-wordpress

Internet domain: mydomain.com

Ubuntu Server IP address: 192.168.107.30

Ubuntu Server IP subnet mask: 255.255.255.0

Ubuntu Server IP gateway: 192.168.107.1

Internal DNS Server 1: 192.168.107.212

Internal DNS Server 2: 192.168.107.213

External DNS Server 1: 8.8.8.4

External DNS Server 2: 8.8.8.5

Ubuntu Admin ID: administrator

Ubuntu Admin Password: myadminpass

Email Server (remote): 192.168.107.25

MySQL Server (remote): 192.168.107.20

MySQL root Password: mysqlrootpass

MySQL WordPress user: wordpressuser

MySQL WordPress Password: mysqlwordpresspass

Windows Share ID: wordpressshare

Windows Share Password: mywordpresssharepass

I also assume the reader knows how to use the VI editor. If not, you will need to beef up your skill set or use a different editor in place of it.

The above commands will allow the database account to connect from any machine from anywhere in the world. This might be OK if your database is not accessible outsite your local network or if your machine name changes or you have multiple servers that connect to the same database that use the same ID. You can make this more secure by specifying your application server when granting access. Make sure the database server will recognize the server name (via hosts file or DNS) or just use the IP address:

CREATE USER 'wordpressuser'@'srv-wordpress' IDENTIFIED BY 'wordpressuserpass';
GRANT ALL ON wordpress.* TO 'nextclouduser'@'srv-nextcloud';

or

CREATE USER 'wordpressuser'@'192.168.107.30' IDENTIFIED BY 'wordpressuserpass';
GRANT ALL ON wordpress.* TO 'wordpressuser'@'192.168.107.30';

This will prevent anyone knowing the credentials from logging into the database from any other remote machine not specified in the grant command.

If your application is running on the database server (typical on a developer machine / non-production scenario), create the user like this:

CREATE USER 'wordpressuser'@'localhost' IDENTIFIED BY 'wordpressuserpass';
GRANT ALL ON wordpress.* TO 'wordpressuser'@'localhost';

This will prevent anyone knowing the credentials from logging into the database from any other remote machine.

If you mess anything up, you can remove the database and user by issuing these commands:

If you plan on utilizing email functions (and who doesn't!!!), type the following commands:

aptitude -y install php-pear
pear install mail
pear install Net_SMTP

Restart the Apache service:

service apache2 restart

Create the following file: /var/www/phpinfo.php

<?php
phpinfo();
?>

To verify that Apache is running and working, open a web browser and go to http://192.168.107.30 and you should see a web page that says "It works!"

To verify that PHP is running, open a web browser and go to http://192.168.107.30/phpinfo.php and you should see a long web page showing PHP configuration information along with a mysql and mysqli sections.

Add Web Site Icon

If you want a custom icon to show up to the left of URL in the address bar, you need to follow these steps.

Create a 16x16 image that is 16 colors (4-bit) with dimensions of 16x16 pixels and save it as a .BMP file called favicon.bmp

Use your favorite icon editor to convert the BMP image to an ICO file. (e.g. IrfanView)

Once you get logged into your WordPress dashboard, you might want to add a few plugins.

It is a simple matter of clicking on the "Plugins" link to the left on your dashboard and then click "Add New", find/select a plugin and then activate it.

Here are some plugins I like to use which suit my environment:

Local Avatars by Peter Sterling

Event Calendar / Scheduler by DHTMLX LTD

NextGEN Gallery by Photocrafti Media

Smart Youtube PRO by Vladimir Prelovac

WPtouch Moble Plugin by BraveNewCode

Web Developer Access

Let's say you have a user John Doe that needs access to the web files, here is how you can allow him access to upload files to the site.

Create a user called jdoe and set his home folder to the root of the web site and make him part of the group that the web service belongs to:

sudo useradd -d /var/www/html -G www-data jdoe

Now set his password:

sudo passwd jdoe

If jdoe already exists on your server, you can instead modify his account:

sudo usermod -a -G www-data jdoe

If jdoe already exists, you probably don't want to mess with his existing home directory setting but if you do, this is how you do it:

sudo usermod -d /var/www/html jdoe

The last thing to do is to make sure the web site is group-writable and to set the setgid sticky bit permission on the website's root directory to ensure any files created will inherit the group ID from the parent directory. That means when John Doe uploads an html file, it will belong to the www-data group which is the same as the web service and allows the web server to display that file rather than an access denied error.